This invention relates to a computer connected to a network and, more particularly, to a network security system for use therein that prevents a network hacker from intruding into an internal system whose contents must be kept secret.
It is known in the art to provide a firewall system within a computer system connected to an external network, such as the Internet, to prevent intrusion by a network cracker. A known prior art firewall system is provided with a bastion host, which implements a firewall program, to prevent such intrusion. A dual firewall system using two bastion hosts is also known in the art.
With reference to FIGS. 7 and 8, such a prior art system using two bastion hosts will be described.
FIG. 7 shows a system connecting an internal network to an external network (i.e. the Internet) 702. The internal network is connected to the Internet 702 via a screening router 704. The screening router 704 is set up such that all traffic received from the external network 702 and destined for the internal network is routed to an outside network 706 on which a bastion host 708 is located. The screening router 704 applies filter rules to the incoming traffic before it is sent to the bastion host 708, so that only traffic passing the filter rules reaches the bastion host 708.
The outside network 706 forms a Demilitarized Zone (DMZ). The outside network 706 is not protected by the bastion host 708, which implements a firewall. Traffic from the external network 702 is transferred to a private network 710 via the outside bastion host 708. Since the private network 710 is protected to some extent by that firewall, hosts that must be reachable from the outside world, as well as internal hosts that do not require strict secrecy, can be placed at this level.
Other hosts requiring stricter security are connected to an inside network 714, which is connected to the private network 710 via an inside bastion host 712 that implements a firewall. Since the inside network 714 is protected by the dual firewall, hosts holding highly secret items (for example, keys for electronic signatures) can be connected to it.
While secrecy in the inside network described above is kept more strictly by means of the dual firewall, the dual firewall provides no special function of its own, and there is thus a limitation as long as conventional firewall programs are used. This is because the firewall programs are complex and are executed at the application level. FIG. 7 shows this situation. That is, traffic from the external network 702 is transferred to the outside bastion host 708 via the screening router 704, and is then transferred again to the inside network 714 via the inside bastion host 712. In the bastion hosts 708 and 712, firewall programs 716 and 718 are implemented at the application layer to prevent intrusion by a network hacker.
The lower layers are implemented at the same level as a conventional operating system (OS), and this portion is a black box to the user. Thus, even if a security hole exploitable from the network exists in this portion, an ordinary user cannot recognize it, or, should the user notice it, it would be too late to take any action.
By way of example, a security hole may be due to an OS bug, a hardware fault, misconfigured software parameters and the like. When one of these causes produces a fault in the path handling external access, a stuck-open fault (rendering the affected entity inoperable, so that traffic stops) does not raise any serious problem, but a stuck-at fault (forcing the affected entity to pass data through unchecked) raises a serious security problem. In other words, the firewall must fail closed rather than fail open.
Whenever a firewall server is compromised by such a stuck-at fault or by a malicious person, information contained in the header of TCP/IP (the protocol of the Internet), such as the destination IP address and the service type, may be forged. Checking at the driver level (a lower layer) has been insufficient to cope with this problem. On the other hand, developing a firewall that is independent of the OS requires coding at the OS level, which demands much effort and cost, if it is possible at all.
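As an added example, not part of the patent or of any product it describes, the following Python shows the screening router's filter rules from the description of FIG. 7 applied to raw IPv4/TCP headers, written so that every error path of the filter yields the harmless stuck-open state (packet dropped) rather than the stuck-at state (packet passed unchecked) discussed above. A deliberately fail-open variant is included for contrast. The bastion address, internal ranges, allowed services and the packet builder are all constructed for illustration and are assumptions, not values taken from the text.

```python
"""
Added example (not the patent's own code): a minimal screening-router style
packet filter over raw IPv4/TCP headers, designed to fail closed.  All
addresses, ports and rules below are constructed for illustration.
"""
import ipaddress
import struct
from dataclasses import dataclass

# Constructed policy: only SMTP and HTTP, and only to the DMZ bastion host.
BASTION = ipaddress.IPv4Address("192.0.2.10")
ALLOWED_SERVICES = {25, 80}
# Constructed internal ranges; a packet arriving on the external interface
# with one of these as its source address has a forged source.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.0.2.0/24")]


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: int
    dport: int


def parse_ipv4_tcp(raw: bytes) -> Packet:
    """Parse an IPv4 header plus the TCP port fields; raise on anything malformed.
    Checksums are not verified here (the filter rules do not depend on them)."""
    if len(raw) < 20:
        raise ValueError("short IPv4 header")
    if raw[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IHL")
    total_len = struct.unpack("!H", raw[2:4])[0]
    if total_len < ihl or total_len > len(raw):
        raise ValueError("bad total length")
    proto = raw[9]
    if proto != 6:
        raise ValueError("not TCP")
    if len(raw) < ihl + 4:
        raise ValueError("short TCP header")
    _sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return Packet(ipaddress.IPv4Address(raw[12:16]),
                  ipaddress.IPv4Address(raw[16:20]), proto, dport)


def _policy(pkt: Packet) -> bool:
    """The filter rules proper: explicit allow, everything else denied."""
    if any(pkt.src in net for net in INTERNAL_NETS):
        return False                      # anti-spoofing on the external side
    return pkt.dst == BASTION and pkt.dport in ALLOWED_SERVICES


def screen(raw: bytes) -> bool:
    """Fail-closed screening: a parser error becomes a stuck-open fault (drop)."""
    try:
        return _policy(parse_ipv4_tcp(raw))
    except Exception:
        return False


def screen_fail_open(raw: bytes) -> bool:
    """Deliberately wrong variant for contrast: 'pass what we do not understand'.
    A malformed or non-TCP packet turns the error path into a stuck-at fault."""
    try:
        return _policy(parse_ipv4_tcp(raw))
    except Exception:
        return True


def build_ipv4_tcp(src: str, dst: str, dport: int, proto: int = 6) -> bytes:
    """Constructed test packet: 20-byte IPv4 header + 20-byte TCP header, checksums zero."""
    tcp = struct.pack("!HH", 40000, dport) + b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp


if __name__ == "__main__":
    good = build_ipv4_tcp("198.51.100.7", "192.0.2.10", 80)
    garbage = bytearray(good)
    garbage[0] = 0x65                     # version nibble now claims IPv6
    print("allowed to bastion:80 ->", screen(good))
    print("malformed, fail-closed ->", screen(bytes(garbage)))
    print("malformed, fail-open   ->", screen_fail_open(bytes(garbage)))
```

The only difference between `screen` and `screen_fail_open` is the value returned from the exception handler, which is exactly the difference between the stuck-open and stuck-at behaviours described above; a real screening router additionally needs the same discipline in its rule-loading and interface-binding code, since a failure there can silently leave the default policy at "pass".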
It is, therefore, an object of the present invention to provide a network security system which has a higher security level and which does not have defects in an essential portion of a firewall.